How Cyberattacks Hurt the Wealthy

At Morgan Stanley Wealth Management recently, the bank’s cybersecurity team noticed fraudulent login attempts into accounts of a wealthy client, and immediately tried to contact her through her financial advisor.

Oddly, the client—a woman who was retired and always accessible—couldn’t be reached.

When the advisor finally tracked her down through a mutual friend, Morgan Stanley learned a malware infection on the client’s home computer had given a cyber criminal access to her keystrokes, allowing him over the course of a month to track logins and passwords to her financial accounts, email, and mobile phone.

Once the criminal had everything he needed, “he essentially took over her entire digital life in one night and then was attempting to move money out of her financial accounts,” says Rachel Wilson, head of cybersecurity, Morgan Stanley Wealth Management Technology.

By taking over her email and phone too, the criminal shut down the bank’s usual routes for reaching her. Fortunately, the bank found the client early enough to stop the fraud and help her reconstitute her digital accounts on a new, uninfected device, Wilson says.

But, she adds, “this is the kind of cyberattack we’re seeing against individuals more and more.” By attacking a person’s means of communicating, a cyberactor “can really prolong that window of vulnerability and increase their chances of being able to monetize access,” Wilson says.

In other words, setting up strong authentication options on financial accounts to prove who is a registered user isn’t enough. Similar strong authentication options—such as the use of fingerprints, or other biometrics—are also needed to protect email, mobile phones, and social media accounts.

This is particularly true for ultra wealthy individuals and celebrities with active social media accounts, which some protect with easy-to-decipher passwords, despite their importance. A Facebook account owned by someone with hundreds or thousands of followers may be filled with “highly curated content that is really at the core of their persona,” she says.

Cyberactors who get hold of these accounts often threaten to delete them unless they receive a ransom, Wilson says.

And clients will take the bait. Some even turn to their financial advisors for help in paying a ransom. But that at least allows a financial advisor to quickly halt a deal. Not only is it the wrong thing to do, “that first ransom payment just becomes the precursor to the next,” Wilson says.

Instead, Morgan Stanley advises reaching out to the social media company where the account is based to have the password reset. Then they advise clients to create new, strong authentication protections for all their social media accounts.

A big achilles heel for many wealthy individuals is the family office, particularly a single-family office that is managing funds for a large wealthy family.

As Citi Private Bank wrote in a report on family office governance early this year, “Many family offices have the wealth commensurate with small and medium-sized enterprises, but often do not have the same levels of information security.”

Citi recommends family offices develop a comprehensive information security program that’s flexible enough to adapt to new potential threats.

Most family offices outsource or share information technology resources with other offices to address cybersecurity, although Citi says a “growing number” are hiring IT professionals as staff, and a cottage industry has emerged to provide training and technology to wealthy families.

Hiring an IT professional, whether internally or not, is good, but Wilson advises clients to find out if they are maintaining high standards. “If you don’t ask, you don’t know,” she says.

Of course, criminals do their best to find their way around roadblocks, creating a “constant cat-and-mouse game,” Wilson says.

To stay ahead, Morgan Stanley has a team of people dedicated to “threat intelligence,” and they work closely with peer financial firms about “what they’re seeing, what we’re seeing,” she says. “That’s really raising the waterline for the whole industry.”

Zachys is hosting an auction in honor of the producer’s 150-year anniversary featuring bottles from 1868 and 1870

How Cyberattacks Hurt the Wealthy

At Morgan Stanley Wealth Management recently, the bank’s cybersecurity team noticed fraudulent login attempts into accounts of a wealthy client, and immediately tried to contact her through her financial advisor.

This copy is for your personal, non-commercial use only. Distribution and use of this material are governed by our Subscriber Agreement and by copyright law. For non-personal use or to order multiple copies, please contact Dow Jones Reprints at 1-800-843-0008 or visit www.djreprints.com.